Total Pageviews

Thursday, 27 August 2020

ASIS CTF Quals 2015 - Sawthis Writeup - Srand Remote Prediction


The remote service ask for a name, if you send more than 64 bytes, a memory leak happens.
The buffer next to the name's is the first random value used to init the srand()


If we get this value, and set our local srand([leaked] ^ [luckyNumber]) we will be able to predict the following randoms and win the game, but we have to see few details more ;)

The function used to read the input until the byte \n appears, but also up to 64 bytes, if we trigger this second condition there is not 0x00 and the print shows the random buffer :)

The nickname buffer:



The seed buffer:



So here it is clear, but let's see that the random values are computed with several gpu instructions which are decompiled incorrectly:







We tried to predict the random and aply the gpu divisions without luck :(



There was a missing detail in this predcitor, but there are always other creative ways to do the things.
We use the local software as a predictor, we inject the leaked seed on the local binary of the remote server and got a perfect syncronization, predicting the remote random values:




The process is a bit ugly becouse we combined automated process of leak exctraction and socket interactive mode, with the manual gdb macro.




The macro:



















Related links


  1. Hacker Tools Hardware
  2. Hacker Tools Software
  3. Hacking Tools Windows 10
  4. Hacker Tools Hardware
  5. Hacking Tools For Kali Linux
  6. Hacking Tools 2019
  7. Hacking Tools For Mac
  8. Hack Tools For Windows
  9. Hack Tools For Mac
  10. Hacker Tools Free Download
  11. Hacker Tools For Pc
  12. Hacker Tools Github
  13. Hacker Tools Free Download
  14. Pentest Tools Url Fuzzer
  15. Hacker Tools Apk
  16. Hack Website Online Tool
  17. Hack Tools Pc
  18. Tools For Hacker
  19. Hack And Tools
  20. Pentest Tools Apk
  21. Hack Tool Apk
  22. Underground Hacker Sites
  23. World No 1 Hacker Software
  24. Install Pentest Tools Ubuntu
  25. Pentest Automation Tools
  26. Pentest Tools Github
  27. Hacking Tools Online
  28. Pentest Tools Port Scanner
  29. Hacker Tools Free Download
  30. How To Install Pentest Tools In Ubuntu
  31. Hacking Tools For Windows
  32. Best Hacking Tools 2019
  33. Pentest Tools
  34. Hacking Tools 2019
  35. Hacking Tools For Windows 7
  36. Hacker Tools Apk
  37. Hacker Tools Software
  38. Hack Tools
  39. Pentest Tools Website
  40. Hacking Tools Windows 10
  41. Pentest Tools Bluekeep
  42. Hacking Tools Usb
  43. Usb Pentest Tools
  44. Pentest Tools Port Scanner
  45. Hacking Tools Download
  46. Beginner Hacker Tools
  47. Hacking Tools For Windows
  48. Best Pentesting Tools 2018
  49. Hacker Tools For Ios
  50. Hacking Tools Download
  51. Computer Hacker
  52. Hacking Tools Windows 10
  53. Hacker Hardware Tools
  54. Hacker Hardware Tools
  55. New Hacker Tools
  56. Hacking Tools Windows 10
  57. Hacking Tools Software
  58. Nsa Hacker Tools
  59. Nsa Hacker Tools
  60. New Hacker Tools
  61. Pentest Automation Tools
  62. Hacker Tools Apk
  63. Bluetooth Hacking Tools Kali
  64. Hacking Tools For Windows
  65. New Hack Tools
  66. Hack Tools
  67. Hacking Tools For Windows
  68. Pentest Tools Open Source
  69. Hack Apps
  70. Nsa Hack Tools Download
  71. Hacking Tools For Windows
  72. Pentest Tools Download
  73. Black Hat Hacker Tools
  74. Best Pentesting Tools 2018
  75. Hacking Tools For Windows
  76. Hacking Apps
  77. Hacking Tools Name
  78. Physical Pentest Tools
  79. Black Hat Hacker Tools
  80. Hacker Tools 2019
  81. Pentest Automation Tools
  82. Hacker Tools For Ios
  83. Termux Hacking Tools 2019
  84. Kik Hack Tools
  85. Pentest Tools Alternative
  86. Hack Tools For Windows
  87. Github Hacking Tools
  88. Pentest Tools For Ubuntu
  89. Hacking Tools For Games
  90. Hacking Tools 2020
  91. Hack Website Online Tool
  92. Hack Tools Github
  93. What Are Hacking Tools
  94. Pentest Tools Download
  95. Easy Hack Tools
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)